can't wait until i can flash pleroma onto my brain and become a walking instance federating my thoughts directly over activitypub

Just resolved this by removing from AllowedIPs on clients, so I can safely split tunnel and only use the VPN for stuff in my home network, rather than all traffic!


Terraform, more like terrorform

(Just kidding, I love terraform)

I guess I could some real server hardware, maybe some Ubiquiti networking gear.. 💰


Should I get a pi 4, an Intel NUC, an Odroid, or something else?


My only issue now is that the throughput on the pi is miserably slow..

Left: speedtest on the rpi
Right: speedtest on my iPad

To be fair, this pi is 7 years old, it's one of the first generation models...


I'm so proud I figured this out, but it was so painful.. This is at least 5 hours of work 😂


7. Configure dnsmasq to route requests to to the cluster IP of the private ingress running in Kubernetes
8. Peer Wireguard client to Raspberry Pi (on Macbook, phone, etc), and set DNS to Raspberry Pi Wireguard IP
9. Hit `` and it should resolve!


Alrighty, I just got this working, here's roughly how I did it:

1. Deploy private nginx ingress on Kubernetes, with its own ingress class
2. Wireguard server running on Raspberry Pi
3. Wireguard client running on Intel NUC (Kubernetes)
4. Peer Intel NUC to Raspberry Pi via Wireguard
5. Configure Wireguard on Raspberry Pi to route all traffic to Intel NUC
6. Disable systemd DNS resolution on Raspberry Pi and install dnsmasq
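
A check for the client side of the setup in these posts (step 8, plus the later post about trimming AllowedIPs for split tunnelling), as an added example that is not the poster's own code: it parses a wg-quick client config and reports AllowedIPs entries that would pull all traffic into the VPN, and a DNS address that no AllowedIPs entry covers. The subnets `10.8.0.0/24` and `192.168.1.0/24`, the endpoint and the key placeholders are assumptions.

```python
import ipaddress

# Constructed sample client config: keys, addresses and endpoint are placeholders.
SAMPLE_CLIENT_CONF = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.8.0.2/32
DNS = 10.8.0.1
[Peer]
PublicKey = <pi-public-key>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 10.8.0.0/24, 192.168.1.0/24
"""

def parse_wg_conf(text):
    """Return (interface, peers); values of repeated keys are comma-joined."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            current = interface
            if line.strip("[]").lower() == "peer":
                current = {}
                peers.append(current)
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            current[key] = f"{current[key]}, {value}" if key in current else value
    return interface, peers

def check_split_tunnel(text):
    """Return findings; an empty list means split tunnel with reachable DNS."""
    interface, peers = parse_wg_conf(text)
    nets = [ipaddress.ip_network(item.strip(), strict=False)
            for peer in peers
            for item in peer.get("allowedips", "").split(",") if item.strip()]
    # /0 is a full tunnel; the 0.0.0.0/1 + 128.0.0.0/1 pair has the same effect.
    findings = [f"{n} in AllowedIPs sends non-home traffic through the VPN"
                for n in nets if n.prefixlen <= 1]
    for entry in interface.get("dns", "").split(","):
        try:
            dns = ipaddress.ip_address(entry.strip())
        except ValueError:
            continue  # empty value, or a search domain rather than an address
        if not any(dns.version == n.version and dns in n for n in nets):
            findings.append(f"DNS {dns} is not covered by AllowedIPs")
    return findings

if __name__ == "__main__":
    print(check_split_tunnel(SAMPLE_CLIENT_CONF) or "split tunnel OK")
```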


I've put metallb in front of nginx ingress, so I get the public IP, but I can't whitelist off that because my home IP is always changing.. And if I'm on the same network, nginx doesn't seem to receive a special header from metallb relating to it..

I have wireguard running on my pi, and I'm open to the idea of setting up a tunnel between that and the :k8s: node so I can hit internal IPs, but it's not the solution I want


Does anyone know how I could make my home :k8s: cluster differentiate between clients on the local network, and external clients? I feel like I must be missing something...

I want to expose some services internally (also via a VPN into my network), but I'm just hitting a dead end. I'm at the point where I think there's some piece of vocabulary that I'm missing 🤔

#caturday the new house became more cat friendly this week.

Yesterday, a cat door. Today, cat shelves.

(The house came with the Disco lighting already installed.)

#cats #Mastocats

I really need to blog more. But first, I need to move back over to GitHub and stop paying so much for my self hosted GitLab instance

The code's already mirrored over, I just need to get Kubernetes deployments working from GitHub Actions (should be pretty easy!)

I do this with every drink.. My delicious hot coffee quickly becomes an iced coffee


Set up wireguard on a raspberry pi on my home network, so I no longer have to expose as much as I do right now

Should have done this ages ago!

I bought a new pen, a Pilot Custom 823. New year, new pen (and maybe this will be the first and last pen I buy this year?)
